Description
IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
Published: 2026-02-24
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to trigger a denial of service by sending an invalid U-format frame to a Hitachi Energy RTU500 series CMU firmware device when IEC 60870‑5‑104 bi‑directional functionality is enabled. The invalid frame is processed during reception, potentially causing a hang or reset of the communication stack. The flaw, identified as CWE‑184, is rated with a CVSS score of 8.7, marking it high severity. While enabling secure communication per IEC 62351‑3 does not patch the flaw, it reduces the likelihood that malicious frames reach the device.

Affected Systems

This defect affects the Hitachi Energy RTU500 series CMU firmware used in RTU520, RTU530, RTU540, and RTU560 devices. All models running firmware version 13.8.1 are known to be vulnerable, as are devices operating any prior firmware that includes the same vulnerable code path.

Risk and Exploitability

The likelihood of exploitation is reflected in an EPSS score of less than 1 %, suggesting that known exploitations are rare or limited. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, but the high CVSS still warrants remediation. An attacker would need network access to the IEC 60870‑5‑104 channel and the ability to transmit malformed frames; enabling secure communication per IEC 62351‑3 mitigates the risk but does not eliminate the vulnerability.

Generated by OpenCVE AI on May 26, 2026 at 16:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the firmware on all affected RTU520, RTU530, RTU540, and RTU560 units to a version that addresses the U‑format frame handling issue.
  • If an immediate firmware update is impractical, disable the bi‑directional IEC 60870‑5‑104 mode on devices that do not require it to prevent the fault condition.
  • Activate secure transmission as defined in IEC 62351‑3 to reduce the chance that malicious frames can be delivered, and monitor the IEC 60870‑5‑104 traffic for suspicious activity.

Generated by OpenCVE AI on May 26, 2026 at 16:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Invalid U-Format Frame in IEC 60870-5-104

Tue, 26 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation. IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.

Thu, 16 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Invalid U-Format Frame in IEC 60870-5-104

Sat, 28 Feb 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Hitachienergy rtu520
Hitachienergy rtu520 Firmware
Hitachienergy rtu530
Hitachienergy rtu530 Firmware
Hitachienergy rtu540
Hitachienergy rtu540 Firmware
Hitachienergy rtu560
Hitachienergy rtu560 Firmware
CPEs cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:13.8.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:13.8.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:13.8.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:13.8.1:*:*:*:*:*:*:*
Vendors & Products Hitachienergy rtu520
Hitachienergy rtu520 Firmware
Hitachienergy rtu530
Hitachienergy rtu530 Firmware
Hitachienergy rtu540
Hitachienergy rtu540 Firmware
Hitachienergy rtu560
Hitachienergy rtu560 Firmware
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Wed, 25 Feb 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Hitachienergy
Hitachienergy rtu500 Firmware
Vendors & Products Hitachienergy
Hitachienergy rtu500 Firmware

Tue, 24 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20 CWE-184

Tue, 24 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
Description IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Hitachienergy Rtu500 Firmware Rtu520 Rtu520 Firmware Rtu530 Rtu530 Firmware Rtu540 Rtu540 Firmware Rtu560 Rtu560 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published:

Updated: 2026-05-27T14:50:01.447Z

Reserved: 2026-02-02T16:28:59.394Z

Link: CVE-2026-1773

cve-icon Vulnrichment

Updated: 2026-02-28T02:19:54.971Z

cve-icon NVD

Status : Modified

Published: 2026-02-24T14:16:22.420

Modified: 2026-05-26T16:16:22.107

Link: CVE-2026-1773

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T16:45:06Z

Weaknesses